Information request and response under the Freedom of Information (Scotland) Act 2002
FOI Reference: FOI/202400398977
Date received: 14 February 2024
Date responded: 8 March 2024
Information Requested
Request for information 1: Can I have a copy of your safeguarding policy?
Request for information 2: Can I have a copy of your privacy/GDPR policy?
Request for information 3: Who is responsible for ensuring your safeguarding policy in adhered too across all social security scotland employees?
Request for information 4: Who is responsible for ensuring your Privacy/GDPR policy in adhered too across all social security scotland employees?
Request for information 5: Who is responsible for ensuring employee's are trained in their duties under the equality act?
Request for information 6: And what training do you provide in regards to the 3 policies above to all staff in front facing roles?
Response
Request for information 1:
While our aim is to provide information whenever possible, in this instance Social Security Scotland does not have the information you have requested.
While there is not a policy called Safeguarding, the approach to safeguarding in Social Security Scotland is laid out in guidance and training. All public facing staff complete mandatory risk-of-harm training, and must complete this training annually.
Where Social Security Scotland staff identify an individual as being at immediate or potential risk of harm, they report these concerns to the internal Safeguarding Team, as per our guidance. Where appropriate the safeguarding team will refer it onwards to the relevant authorities.
Social Security Scotland Charter commits to putting the respect for dignity of individuals at the heart of the Scottish social security system, and part of that is reflected in Ministers bringing forward the Social Security Information-Sharing (Scotland) Amendment Regulations 2024 related to safeguarding referrals.
This is a formal notice under section 17(1) of FOISA that the Scottish Government does not have the information you have requested.
Request for information 2:
Most of the information you have requested is available from:
Please find the privacy notice found here: https://www.socialsecurity.gov.scot/privacy-notice
For information on how we process our clients’ personal data, please see the following privacy information: https://www.mygov.scot/social-security-data
Under section 25(1) of FOISA, we do not have to give you information which is already reasonably accessible to you. If, however, you do not have internet access to obtain this information from the website(s) listed, then please contact me again and I will send you a paper copy.
Attached is a copy of Social Security Scotland data protection policy.
An exemption under section 38(1)(b) of FOISA (personal information) applies to a small amount of the information requested because it is personal data of a third party, ie personal names, and disclosing it would contravene the data protection principles in Article 5(1) of the General Data Protection Regulation and in section 34(1) of the Data Protection Act 2018. This exemption is not subject to the ‘public interest test’, so we are not required to consider if the public interest in disclosing the information outweighs the public interest in applying the exemption.
Request for information 3:
Line managers are responsible for ensuring Safeguarding procedures are adhered to by staff. The Chief Executive as Accountable Officer holds the responsible officer role for Social Security Scotland.
Request for information 4:
Data Protection and Information Governance lead |
Owns, approves and monitors compliance with the policy. |
Data Protection and Information Governance team |
Carries out activities as described in the policy and keeps the policy under review. |
Information Asset Owner |
Approves relevant Data Protection Impact Assessments following review by the Data Protection Officer, and manages risks to information assets they are responsible, assigns an individual in their business area to keep Data Protection Impact Assessments under review and schedule reviews of it when circumstances change. |
Chief Information Security Officer |
Provides technical and organisation security measures to protect personal data. |
All colleagues |
Report personal data breaches and suspected personal data breaches, and receipt of data subject requests to the Data Protection and Information Governance team for further action, and complete annual data protection e-learning and any other required data protection training. |
Request for information 5:
The Deputy Director for People and Places and Deputy Director of Health & Social Care hold senior responsibility for Equality Act training delivery within Social Security Scotland.
Request for information 6:
All public facing staff complete mandatory risk-of-harm training, and must complete the training annually. The Equality training course is mandatory for all employees. Data protection training is delivered in two annual mandatory Data Protection e-learning modules for all employees.
About FOI
Social Security Scotland is committed to publishing responses to requests. The Scottish Government also publishes responses to requests. You can view the responses at http://www.gov.scot/foi-responses.